A method and system for determining that a sim and a sip client are co-located in the same ME. A sip server, an SLR, and the ME are communicatively interconnected in the system. The sim has an imsi and is arranged in the ME. In the method and system, a security module, SLM-SM, included in sim, encrypts, using a key, a variable derived from the imsi, and provides a first password parameter as a result of the encrypting. Further, a sip client location manager, SLM, included in the ME, receives the ME security code; performs an xor operation of the ME security code and the identity of the ME, and provides a second password parameter as a result of the xor operation. The SLR performs a process for sip client presence and location update for mobile operators MSISDN, including receiving the second password parameter from the SLM via the sip server, decrypting the second password parameter using the key, performing an xor-operation of the decrypting result with a seed; comparing the result of the xor-operation with the imsi, and upon match, determining that the sim and the sip client are co-located in the same ME.
|
7. A mobile communication system, including:
a mobile equipment, ME, a sip server, a sip location register, SLR,
the ME, sip server and SLR being communicatively interconnected,
the ME including a sim and a sip client location manager, SLM,
the sim being arranged in the ME, the sim having an imsi,
the sim including a security module, SLM security module, which is configured to
encrypting, using a key, a variable derived from the imsi,
providing a first password parameter as a result of the encrypting step, and
calculating an ME security code by an xor operation of the password parameter and an identity of the ME;
the SLM being configured to:
receiving the ME security code;
performing an xor-operation of the ME security code and the identity of the ME, and
providing a second password parameter as a result of the xor operation,
wherein the SLR is configured to perform a process for sip client presence and HLR update for mobile operators MSISDN, the process including:
receiving the second password parameter from the SLM via the sip server;
decrypting the second password parameter using the key;
performing an xor-operation of the decrypting result with a seed;
comparing the result of the xor-operation with the imsi; and
upon match, determining that the sim and the sip client are co-located in the same ME.
1. A method for determining that a sim and a sip client are co-located in the same mobile equipment, ME,
wherein a sip server, a sip location register, SLR, and the ME are communicatively interconnected, the sim being arranged in the ME, the sim having an imsi,
the method comprising the following steps performed by a security module, SLM-SM, included in sim:
encrypting, using a key, a variable derived from the imsi,
providing a first password parameter as a result of the encrypting step; and
calculating an ME security code by xor operation of the password parameter and an identity of the ME;
the method further comprising the following steps performed by a sip client location manager, SLM, included in the ME:
receiving the ME security code;
performing an xor operation of the ME security code and the identity of the ME, and
providing a second password parameter as a result of the xor operation;
the method further comprising a process, performed by the SLR, for sip client presence and location update for mobile operators MSISDN, the process including:
receiving the second password parameter from the SLM via the sip server;
decrypting the second password parameter using the key;
performing an xor-operation of the decrypting result with a seed;
comparing the result of the xor-operation with the imsi; and
upon match, determining that the sim and the sip client are co-located in the same ME.
2. The method according to
wherein the encrypting step, performed by the SLM security module, includes deriving the variable from the imsi by an xor operation of the imsi with a seed.
4. The method according to
5. The method according to
receiving a request for sending routing information from a HLR; and initiating an alive request towards the SLM; and
determining, based on a response from the SLM, if the ME is available or not available on Wi-Fi.
6. The method according to
if the ME is available on Wi-Fi, sending to the HLR a response including a valid mobile subscriber roaming number.
8. The system according to
wherein the SLM security module is configured to, in the encrypting step, deriving the variable from the imsi by an xor operation of the imsi with a seed.
10. The system according to
11. The system according to
wherein the SLR is further configured to
transmitting a location update message to the HLR, the location update message containing an identity of the SLR as a VLR address,
receiving an accept message from the HLR, and upon receipt, sending an access accept message to the sip server.
12. The system according to
wherein the SLR is further configured to
receiving a request for routing information from the HLR, and upon receipt, transmitting an alive request to the SLM,
upon lack of response from the SLM within a predetermined timeout period, indicating that the ME is currently not available on WiFi.
13. The system according to
wherein the SLR is further configured to
receiving a request for routing information from the HLR, and upon receipt, transmitting an alive request to the SLM, and
upon receipt of an alive response from the SLM, indicating that the ME is currently available on WiFi.
14. The system according to
wherein the ME is a portable communication device which is enabled to communicate by mobile communication.
|
|||||||||||||||||||||||||||||
This application is a U.S. National Phase of International Application No. PCT/EP2015/052782, filed Feb. 10, 2015, which claims priority to Norwegian Application No. 20140180, filed Feb. 12, 2014, the disclosures of which are incorporated by reference herein.
The present invention relates in general to mobile communication technology. More specifically, the invention relates to a method and a system for determining that a SIM and a SIP client are co-located in the same mobile equipment (ME).
Smartphone applications (apps) software environment limits the communications between an app and a SIM-card applet. Most smartphone operating systems do not offer any API (application programming interface) for SIM-card applet access. Some smartphones offer app developers access to the mobile equipment's identity, while others only offer access to the unit identity with no relationship to the identity parameters stored in SIM card.
SIP (Session Initiation Protocol) is a signaling communications protocol generally used for controlling communication sessions, including voice and video, over Internet Protocol (IP) networks. Mobile operators offering SIP clients for their mobile subscribers based on passwords for SIP registration might experience that SIP registration is initiated from another device than the mobile equipment containing a SIM card associated with the mobile subscription MSISDN. MSISDN (mobile subscriber) is an identification uniquely identifying a mobile subscription.
Mobile operators offering SIP on Wi-Fi integrated on the mobile subscription MSISDN will experience that HLR (Home Location Register) is not updated with the presence information from a mobile equipment registered on a SIP server. Incoming calls received when the SIP client is outside Wi-Fi network coverage will not reach the end-user SIP client mobile equipment while the calling party will experience a no-answer call attempt from the mobile operator.
Several pieces of mobile equipment (mobile devices) can be associated with a mobile subscription. Each device will contain a SIM card and the mobile identity will be used to identify the mobile station. A subscriber with a Twin SIM subscription can use two devices for mobile services. Routing preferences in the mobile operator will direct incoming calls to the preferred device in the case that both devices is available for receiving calls. In a case where the Twin SIM concept is applied to a combination of a SIP client and a standard GSM user on the same mobile equipment, incoming calls directed towards the SIP client while the mobile equipment is outside the Wi-Fi coverage will not be answered. This may result in a long delay before the call is redirected to the Twin over GSM.
U.S. 2007/254648 relates to a system for using dual mode handsets or «softphone» clients for voice, message and data services. The system includes, i.a., a SIP user agent with SIM based authentication and location update. U.S. 2007/254648 ensures that SIM and SIP user agent are co-located in the same ME by using internal communication on the device. However, no open APIs exist for a smartphone App to communicate with the SIM card. So the SIP user agent in U.S. 2007/254648 cannot be implemented as an Sip Client App.
There is need for an improved, secure method for determining that a SIM and a SIP client are co-located in the same ME, in particular without relying on direct, internal communication between the SIM and the SIP client.
Advantages over the background art are provided by a method and a system for determining that a SIM and a SIP client are co-located in the same mobile equipment, as set forth in the appended independent claims.
Advantageous and alternative embodiments are set out in the dependent claims.
Additional features, principles and advantages of the present invention will be recognized from the detailed description below. It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Some further possible, particular advantages of certain disclosed aspects include:
The invention will be described by exemplary embodiments in the following detailed description.
More particularly, a method for determining that a SIM and a SIP client are co-located in the same mobile equipment may be performed in the system 1.
Structurally, the mobile communication system 1 comprises at least one or a plurality of mobile equipment, ME, 10. Each mobile equipment ME 10 may, e.g., be a smartphone, a tablet computer, a portable computer or any other portable communication device which is enabled to communicate by mobile communication, such as 4G, 3G, GSM, etc.
Particularly, the ME includes a SIP client. SIP (Session Initiation Protocol) is a standardised signalling protocol for controlling communication sessions over a network, and is particularly used to provide multimedia communications (e.g. Voice over IP (VoIP)) over Internet Protocol (IP) networks.
Each ME 10 or at least one of the MEs 10 operating in the system includes a subscriber identity module, SIM, 20 which in turn includes a SLM security module SLM-SM, 22. The SLM security module 22 may be embodied as an application program code applet, executed by a processing device implemented in the SIM 20. The SLM security module 22 is configured to operate in accordance with certain aspects or steps of the presently disclosed method.
In addition to the security module, the SIM 20 may contain other regular features of a SIM, as will be known to persons skilled in the art. Hence, the SIM 20 may be a removable smart card with a processing device and a memory, storing i.a. an international mobile subscriber identity (IMSI), security authentication and ciphering information, temporary information related to local networks, information related to available services, and user credentials such as PIN and PUK codes.
Each ME 10, or at least one of the MEs 10 operating in the system 1, further includes a SIP Location Manager, SLM, 32. The SLM 32 may be embodied as an application program (“app”) contained in a memory and executed in an application software environment of the ME 10. For instance, the SLM 32 may be an application program running under a mobile operating system such as Android or Apple iOS, or any other operating system suitable for use with the mobile equipment ME 10. The SLM 32 may be configured to operate in accordance with certain aspects or steps of the presently disclosed method.
The mobile communication system 1 further includes at least one (as illustrated) or a plurality of SIP servers 50. A SIP server is a computational device providing services to SIP clients, e.g. a SIP client provided in an ME 10.
The mobile communication system 1 further includes at least one or a plurality of mobile network operators 60 with Home Location Register HLR 70. Each mobile network operator 60 included in the system, or at least some of the mobile network operators 60, may be configured with Twin SIM or multiple-SIM type subscriptions.
Further, the mobile communication system 1 includes a SIP Location Register SLR 40, which is configured to operate in accordance with certain principles of the presently disclosed method, as explained later. Typically, the SLR 40 includes a processing device which is configured to execute computer processing instructions which causes the SLR 40 to perform certain aspects or steps of the presently disclosed method.
Functional aspects of the SLR 40, SLM 32 and the SLM-SM 22, and the functional interaction between these modules or elements, are discussed in the following.
The SIM 20, which is identified by an IMSI, is arranged to provide a first password parameter in a SIP Registration Message. To this end, the SLM-SM 22, included in the SIM, is configured to perform steps of encrypting, using a key, a variable derived from the IMSI, and providing the first password parameter as a result of the encrypting step. The encrypting step may include deriving the variable from the IMSI by an XOR operation of the IMSI with a seed, or alternatively, the variable may equal the IMSI.
In an aspect, the SIM 20 may be arranged and interconnected in the ME 10, and SLM-SM 22 may be further configured to calculate an ME security code by an XOR operation of the first password parameter and an identity of the ME.
The ME 10 comprises a SIM 20 which is configured as described above. The ME 10 further comprises the SLM 32, which may be configured to receive the ME security code; perform an XOR operation of the ME security code and the identity of the ME, and provide a second password parameter as a result of the XOR operation. The identity of the ME may be an IMEI, or it may be derived from the IMEI.
The mobile communication system 1 includes an ME 10 which is configured as described above, the SIP server 50 and the SLR 40. The ME 10, SIP server 50 and SLR 40 are communicatively interconnected. Further, the SLR 40 may be configured to perform a process for SIP client presence and HLR update for mobile operators MSISDN. Such a process may include the following steps:
If it matches, the following checks will be made:
Upon match, determining that the SIM 20 and the SLM 32 are co-located in the same ME 10 and the following will be performed:
Further aspects of the system, related to SIP location management, will be described in the following. In these aspects, the SLR 40 may be configured to perform certain additional steps, related to SIP location management.
The system may further comprise a mobile operator core network including a HLR, enabling communication between the SLR 40 and the HLR 70.
In an aspect, the SLR 40 is configured to transmitting a location update message to the HLR, the location update message containing an identity of the SLR 40 as a VLR address. The SLR 40 is also configured to receiving an accept message from the HLR 70, and upon receipt, sending an access accept message to the SIP server.
In a further aspect of the system, the SLR 40 is also configured to receiving a request for routing information from the HLR 70, and upon receipt, transmitting an alive request to the SLM 32. Further, upon lack of response from the SLM 32 within a predetermined timeout period, the SLR 40 is configured to indicating that the ME 10 is currently not available.
In another aspect, upon receipt of an alive response from the SLM 32 within the predetermined timeout period, the SLR 40 may be configured to indicating that the ME 10 is currently available.
Features relating to SIP location management have also been described with reference to
The leftmost column of steps, starting at the initiating step 100, are performed by a security module, SLM-SM 22, included in a subscriber identity module, SIM 20. The SIM 20 has an IMSI. The SIM 20 may be operatively arranged in a mobile equipment, ME 10.
The SLM-SM receives a message Over-The-Air (OTA) from the SLR requesting a ME security code. The message might contain a seed.
First, in the encrypting step 110, a variable derived from the IMSI is encrypted, using a key. The encrypting step 110 may include deriving the variable from the IMSI by an XOR operation of the IMSI with a seed. In a particular embodiment, the variable equals the IMSI. The IMSI is taken from EF_IMSI file on the SIM card.
Next, in the password parameter step 120, the first password parameter is provided as a result of the encrypting step.
Optionally, the method further comprises the calculating step 130, also performed by the SLM Security module 22.
The calculating step 130 includes calculating an ME security code by an XOR operation of the first password parameter, provided in the password parameter step 120, and an identity of the ME.
The ME security code are then sent to the SLR 40.
The steps performed at the SLM-SM 22 may be terminated at the terminating step 140. Alternatively, the steps may be reiterated.
The central column of steps in
SLR 40 stores the ME security code received from the SLM-SM 22 and the stored ME security code is sent to the SLM 32.
First, in the receiving step 210, the ME security code calculated in step 140 is received at the SLM 32.
The SLM 32 acquires an ME identity from the ME 10 (i.e. the IMEI value).
Next, in the XOR operation step 220, an XOR operation is performed of the ME security code received in the receiving step 210 and the identity of the ME 10.
Subsequently, in the second password parameter providing step 230, a second password parameter is provided in the SLM 32 as a result of the XOR operation.
The identity of the ME 10 may, in an aspect, be an IMEI. In an alternative aspect, the identity of the ME may be derived from the IMEI.
The steps performed at the SLM 32 may be terminated at the terminating step 240. Alternatively, the steps may be reiterated.
The rightmost column of steps in
In this aspect, a SIP server 50, a SIP Location Register, SLR 40, and the ME 10 are communicatively interconnected. Further, a process, for SIP client presence and HLR update for mobile operators MSISDN is performed by the SLR.
The SIP Authentication is a challenge-based mechanism. The SIP username is based on the MSISDN and a domain name.
The SIP Server will challenge the SLM with a realm and a “nonce”. The SLM has a username within this realm, and it calculates a response based on a number of data, including a “secret” which in this case is the second password parameter. The SIP server uses Radius to carry out the authentication.
First, the SRL may check that the SIP authentication response parameter is based on the SIP password as an ordinary Radius Server functionality. If not, the SIP registration will fail.
The process includes the following steps:
First, in the receiving step, 310, the second password parameter, provided by the SLM 32, is received from the SLM 32 via the SIP server.
Further, in the decrypting step 310, the second password parameter is decrypted, using the key.
Further, in the XOR operation step 330, an XOR-operation is performed of the result of the decrypting step 310 with a seed.
Then, in the comparison step 340, the result of the XOR operation is compared with the IMSI. Upon match between the result of the XOR operation and the IMSI, determining step 350 is performed. Otherwise step 370 is performed.
In the determining step 350 the SLR determines that the SIM 20 and the SLM 32 are co-located in the same ME. Upon match, it is determined that the SIM and the SIP client are co-located in the same mobile equipment, ME:
The following may be performed:
In the determining step 370 the SLR determines that the SIM 20 and the SLM 32 are not co-located in the same ME or that the second password is not derived from the first password generated a the SIM 20 co-located in the same ME as the SLM 32 that submitted the second password to the SIP server 50. A Radius response is sent back to the SIP server indicating SIP registration failure.
The steps performed at the SLR may be terminated after either after the determining step 350 or the determining step 360, at the terminating step 360. Alternatively, the steps may be reiterated.
The mobile communication system is basically of the type disclosed with reference to
These aspects and functions are particularly achieved by configuring the SLR 40 to perform certain steps as illustrated in
In step 81, the SLR 40 receives a Send_Routing_Information_request from the home mobile operator HLR 70.
In step 82, the SLR 40 initiates an alive request towards the SLM 32.
In step 83, an Is_Alive response from the SLM 32 will indicate that the ME 10 is available on Wi-Fi. Lack of response from the SLM will indicate that the ME 10 is currently not available on Wi-Fi.
In step 84, the SLR 40 receives an alive response from the SLM 32 indicating that the ME is currently available on Wi-Fi and sends a response to the HLR 70 including a valid mobile subscriber roaming number in the Send_Routing_Information_Response message.
In step 85, the SLR 40 sends a response to the HLR 70 including a Send_Routing_Information_Response with no mobile subscriber roaming number.
In step 86, the SLR 40 sends a Purge message towards the HLR 70.
The invention has been described above as exemplary detailed embodiments. People skilled in the art will recognize that many alterations and variations are possible within the scope of the appended claims.
Faller, Torbjoern, Roesok, Rolf
| Patent | Priority | Assignee | Title |
| Patent | Priority | Assignee | Title |
| 7546459, | Mar 10 2004 | TELEFONAKTIEBOLAGET LM ERICSSON PUBL | GSM-like and UMTS-like authentication in a CDMA2000 network environment |
| 9503879, | Dec 14 2012 | IPCO AS | Method for serving visitor subscribers in a mobile communication system |
| 20050135622, | |||
| 20070254648, | |||
| 20080092212, | |||
| 20080293382, | |||
| 20090247120, | |||
| 20100085937, | |||
| WO2007093989, | |||
| WO2007120921, |
| Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
| Feb 10 2015 | IPCO AS | (assignment on the face of the patent) | / | |||
| Aug 29 2016 | FALLER, TORBJOERN | IPCO AS | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 045362 | /0067 | |
| Aug 29 2016 | ROESOK, ROLF | IPCO AS | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 045362 | /0067 |
| Date | Maintenance Fee Events |
| Mar 07 2022 | REM: Maintenance Fee Reminder Mailed. |
| Aug 22 2022 | EXP: Patent Expired for Failure to Pay Maintenance Fees. |
| Date | Maintenance Schedule |
| Jul 17 2021 | 4 years fee payment window open |
| Jan 17 2022 | 6 months grace period start (w surcharge) |
| Jul 17 2022 | patent expiry (for year 4) |
| Jul 17 2024 | 2 years to revive unintentionally abandoned end. (for year 4) |
| Jul 17 2025 | 8 years fee payment window open |
| Jan 17 2026 | 6 months grace period start (w surcharge) |
| Jul 17 2026 | patent expiry (for year 8) |
| Jul 17 2028 | 2 years to revive unintentionally abandoned end. (for year 8) |
| Jul 17 2029 | 12 years fee payment window open |
| Jan 17 2030 | 6 months grace period start (w surcharge) |
| Jul 17 2030 | patent expiry (for year 12) |
| Jul 17 2032 | 2 years to revive unintentionally abandoned end. (for year 12) |